oss-sec mailing list archives
Re: radvd 1.8.2 released with security fixes
From: Reuben Hawkins <reubenhwk () gmail com>
Date: Fri, 14 Oct 2011 06:58:56 -0700
On Wed, Oct 12, 2011 at 3:09 AM, Vasiliy Kulikov <segoon () openwall com> wrote:
> On Tue, Oct 11, 2011 at 23:26 -0700, Reuben Hawkins wrote:
> > On Sat, Oct 8, 2011 at 9:55 AM, Vasiliy Kulikov <segoon () openwall com> wrote:
> > > Crap, thank you for noticing it, guys. The fix should be:
> > >
> > > https://github.com/reubenhwk/radvd/commit/7a1471b62da88373e8f4209d503307c5d841b81f
> > >
> > > Now, "", "..", "." and filenames with "/" inside are denied.
>
> In case someone didn't fully track the discussion thread, I'll sum it up -
> in the original patch the variable name is typoed/confused - the check
> should be against "iface" instead of "name". The check against "name" is
> totally wrong as it checks a static hint string, which always passes the
> check. The confused blacklisted iface set is a bug, but not a security bug;
> the confused variable name is indeed a security bug (not a flaw per se, but
> it greatly weakens the privsep model).
>
> Thanks to Solar Designer for pointing out that this thing is probably not
> clear to everybody.
>
> --
> Vasiliy Kulikov
> http://www.openwall.com - bringing security into open computing environments
radvd-1.8.3 posted.
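The two bugs Vasiliy summarises above, shown side by side as an added illustration (this is not radvd's code; the function names, the `name` hint parameter and the sample inputs are assumed for the example): the same validator either checks the constant hint string, which always passes, or checks the interface name actually supplied.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Validator for an interface name that will later be used as part of a
 * file name. Per the thread, "", ".", ".." and anything containing '/'
 * must be refused. (Illustrative, not radvd's implementation.) */
static bool iface_name_ok(const char *iface)
{
    if (iface == NULL || iface[0] == '\0')
        return false;                        /* empty name */
    if (strcmp(iface, ".") == 0 || strcmp(iface, "..") == 0)
        return false;                        /* current/parent directory */
    if (strchr(iface, '/') != NULL)
        return false;                        /* path separator inside the name */
    return true;
}

/* The confused-variable bug: `name` is a static hint string, so validating
 * it says nothing about `iface`, and every request passes the check. */
static bool check_request_buggy(const char *iface, const char *name)
{
    (void)iface;                             /* the real input is never examined */
    return iface_name_ok(name);
}

/* The corrected check validates the value the caller actually controls. */
static bool check_request_fixed(const char *iface, const char *name)
{
    (void)name;                              /* hint string is irrelevant to validation */
    return iface_name_ok(iface);
}
```
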